CVE-2025-64699

Name of the Vulnerable Software and Affected Versions SevenCs ORCA G2 version 2.0.1.35 (EC2007 Kernel v5.22)

Description An issue exists where a Security Descriptor with no explicitly configured DACL is applied to a device object by the regService process, which operates with SYSTEM privileges. This could allow an attacker to perform unauthorized raw disk operations, potentially leading to system disruption and exposure of sensitive data, and may facilitate local privilege escalation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.